Analysis Report
Overview
General Information |
|---|
| Joe Sandbox Version: | 18.0.0 |
| Analysis ID: | 34027 |
| Start time: | 14:11:06 |
| Joe Sandbox Product: | Cloud |
| Start date: | 27.02.2017 |
| Overall analysis duration: | 0h 14m 10s |
| Report type: | full |
| Sample file name: | d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038.app |
| Cookbook file name: | default.jbs |
| Analysis system description: | Mac Mini, El Capitan 10.11.6 (Java 1.8.0_25) |
| Detection: | MAL |
| Classification: | mal60.rans.troj.macAPP@0/38@0/0 |
Detection |
|---|
| Strategy | Score | Range | Reporting | Detection | |
|---|---|---|---|---|---|
| Threshold | 60 | 0 - 100 | Report FP / FN | ||
Signature Overview |
|---|
- Spam, unwanted Advertisements and Ransom Demands
- Networking
- Persistence and Installation Behavior
- System Summary
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
Spam, unwanted Advertisements and Ransom Demands: |
|---|
| Deletes many files in the user directory | |||
| Source: /usr/bin/zip (PID: 645) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 647) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 651) | User file deleted: | ||
| Source: /bin/rm (PID: 652) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 654) | User file deleted: | ||
| Source: /bin/rm (PID: 655) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 657) | User file deleted: | ||
| Source: /bin/rm (PID: 658) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 660) | User file deleted: | ||
| Source: /bin/rm (PID: 661) | User file deleted: | ||
| Source: /usr/bin/zip (PID: 663) | User file deleted: | ||
| Writes a notice file (html or txt) to demand a ransom | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: | ||
| Writes encrypted ZIP files to disk | |||
| Source: /usr/bin/find (PID: 641) | Touch executable: | ||
| Source: /usr/bin/find (PID: 642) | Touch executable: | ||
| Source: /usr/bin/find (PID: 643) | Touch executable: | ||
| Source: /usr/bin/find (PID: 644) | Touch executable: | ||
| Source: /usr/bin/find (PID: 645) | Touch executable: | ||
| Source: /usr/bin/find (PID: 647) | Touch executable: | ||
| Source: /usr/bin/find (PID: 651) | Touch executable: | ||
| Source: /usr/bin/find (PID: 654) | Touch executable: | ||
| Source: /usr/bin/find (PID: 657) | Touch executable: | ||
| Source: /usr/bin/find (PID: 660) | Touch executable: | ||
| Source: /usr/bin/find (PID: 663) | Touch executable: | ||
| Source: /usr/bin/find (PID: 665) | Touch executable: | ||
Networking: |
|---|
| Detected TCP or UDP traffic on non-standard ports | |||
| Source: global traffic | TCP traffic: | ||
| Source: global traffic | TCP traffic: | ||
Persistence and Installation Behavior: |
|---|
| Reads data from the local random generator | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 645) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 647) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 651) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 654) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 657) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 660) | Random device file read: | ||
| Source: /usr/bin/zip (PID: 663) | Random device file read: | ||
| Uses AppleKeyboardLayouts bundle containing keyboard layouts | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | AppleKeyboardLayouts info plist opened: | ||
| Creates hidden files, links and/or directories | |||
| Source: /usr/bin/zip (PID: 645) | Hidden file created: | ||
| Source: /usr/bin/zip (PID: 645) | Hidden file moved: | ||
| Executes the "touch" command used to create files or modify time stamps | |||
| Source: /usr/bin/find (PID: 626) | Touch executable: | ||
| Source: /usr/bin/find (PID: 628) | Touch executable: | ||
| Source: /usr/bin/find (PID: 630) | Touch executable: | ||
| Source: /usr/bin/find (PID: 632) | Touch executable: | ||
| Source: /usr/bin/find (PID: 634) | Touch executable: | ||
| Source: /usr/bin/find (PID: 636) | Touch executable: | ||
| Source: /usr/bin/find (PID: 638) | Touch executable: | ||
| Source: /usr/bin/find (PID: 653) | Touch executable: | ||
| Source: /usr/bin/find (PID: 656) | Touch executable: | ||
| Source: /usr/bin/find (PID: 659) | Touch executable: | ||
| Source: /usr/bin/find (PID: 662) | Touch executable: | ||
| Reads launchservices plist files | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Launchservices plist file read: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Launchservices plist file read: | ||
| Reads user launchservices plist file containing default apps for corresponding filetypes | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Preferences launchservices plist file read: | ||
| Uses AppleScript framework/components containing Apple Script related functionalities | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | AppleScript framework/component info plist opened: | ||
| Writes ZIP files to disk | |||
| Source: /usr/bin/zip (PID: 645) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 647) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 651) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 654) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 657) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 660) | ZIP file created: | ||
| Source: /usr/bin/zip (PID: 663) | ZIP file created: | ||
| Writes files to the user's download directory | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | File created in download directory: | ||
| Executes the "rm" command used to delete files or directories | |||
| Source: /usr/bin/find (PID: 646) | Rm executable: | ||
| Source: /usr/bin/find (PID: 649) | Rm executable: | ||
| Source: /usr/bin/find (PID: 652) | Rm executable: | ||
| Source: /usr/bin/find (PID: 655) | Rm executable: | ||
| Source: /usr/bin/find (PID: 658) | Rm executable: | ||
| Source: /usr/bin/find (PID: 661) | Rm executable: | ||
| Source: /usr/bin/find (PID: 664) | Rm executable: | ||
System Summary: |
|---|
| Classification label | |||
| Source: classification engine | Classification label: | ||
HIPS / PFW / Operating System Protection Evasion: |
|---|
| Reads the sysctl safe boot value (probably to check if the system is in safe boot mode) | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl read request: | ||
Language, Device and Operating System Detection: |
|---|
| Reads the system or server version plist file | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | System or server version plist file read: | ||
| Reads hardware related sysctl values | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl read request: | ||
| Reads the systems OS release and/or type | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: | ||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: | ||
| Reads the systems hostname | |||
| Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: | ||
Runtime Messages |
|---|
| Command: | open |
| Exitcode: | 0 |
| Killed: | False |
| Standard Output: | |
| Standard Error: |
| No Yara matches |
|---|
| No contacted domains info |
|---|
| IP | Country | ASN | ASN Name |
|---|---|---|---|
| 17.188.165.208 | United States | 714 | AppleInc |
| 8.8.4.4 | United States | 15169 | GoogleInc |
| 17.252.92.24 | United States | 714 | AppleInc |
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| TrID: |
|
| File name: | d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038.app |
| File size: | 2286979 |
| MD5: | 1b8be665af7729618d70bad773aac423 |
| SHA1: | 1b7380d283ceebcabb683464ba0bb6dd73d6e886 |
| SHA256: | d19b903adbd0f8c119d0d8f25b194bdd24b737357a517f23ca5cdc6c75b35038 |
| SHA512: | f7ef377ae59a6316678775ef221070199409ff8b9bf04b311cee98edcd62576dec9946dba2cdfc959ed09fb2920bfe4d018036719e934778531f8285aee26f91 |
| File Content Preview: | PK.........n.J................Office 2016 Patcher.app/UX..!.zX..zX....PK.........n.J............!...Office 2016 Patcher.app/Contents/UX..!.zX..zX....PK.........n.J............0...Office 2016 Patcher.app/Contents/_CodeSignature/UX.. .zX..zX....PK.........n |
General Informations | |
|---|---|
| Package Info: | |
| Property List File: | |
| Name | Type |
|---|---|
| libswiftAppKit.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftCore.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftCoreData.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftCoreGraphics.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftCoreImage.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftDarwin.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftDispatch.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftFoundation.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftIOKit.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftObjectiveC.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftQuartzCore.dylib | Mach-O 64-bit dynamically linked shared library |
| libswiftXPC.dylib | Mach-O 64-bit dynamically linked shared library |
| Name | Type |
|---|---|
| AppIcon.icns | data |
| Office 2016 Patcher | Mach-O 64-bit executable |
General Informations for header0 | |
|---|---|
| Endian: | |
| Size: | |
| Architecture: | |
| Filetype: | |
| Nbr. of load commands: | 33 |
| Name | Value | |
|---|---|---|
| segname | __PAGEZERO | |
| fileoff | 0 | |
| maxprot | 0 | |
| vmsize | 4294967296 | |
| nsects | 0 | |
| flags | 0 | |
| filesize | 0 | |
| vmaddr | 0 | |
| initprot | 0 | |
| Name | Value | |
|---|---|---|
| segname | __TEXT | |
| fileoff | 0 | |
| maxprot | 7 | |
| vmsize | 28672 | |
| nsects | 12 | |
| flags | 0 | |
| filesize | 28672 | |
| vmaddr | 4294967296 | |
| initprot | 5 | |
| Datas | sectname | __text |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294972688 | |
| align | 4 | |
| nreloc | 0 | |
| flags | 2147484672 | |
| offset | 5392 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 15572 | |
| sectname | __stubs | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294988260 | |
| align | 1 | |
| nreloc | 0 | |
| flags | 2147484680 | |
| offset | 20964 | |
| reserved2 | 6 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 204 | |
| sectname | __stub_helper | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294988464 | |
| align | 2 | |
| nreloc | 0 | |
| flags | 2147484672 | |
| offset | 21168 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 356 | |
| sectname | __const | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294988832 | |
| align | 4 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 21536 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 354 | |
| sectname | __cstring | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294989200 | |
| align | 4 | |
| nreloc | 0 | |
| flags | 2 | |
| offset | 21904 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 4058 | |
| sectname | __objc_methname | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294993258 | |
| align | 0 | |
| nreloc | 0 | |
| flags | 2 | |
| offset | 25962 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 1888 | |
| sectname | __swift3_typeref | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995152 | |
| align | 4 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 27856 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 257 | |
| sectname | __swift3_reflstr | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995409 | |
| align | 0 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 28113 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 33 | |
| sectname | __swift3_fieldmd | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995444 | |
| align | 2 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 28148 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 108 | |
| sectname | __swift3_assocty | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995552 | |
| align | 2 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 28256 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 96 | |
| sectname | __unwind_info | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995648 | |
| align | 2 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 28352 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 164 | |
| sectname | __eh_frame | |
| segname | __TEXT | |
| reloff | 0 | |
| addr | 4294995816 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 28520 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 152 | |
| Name | Value | |
|---|---|---|
| segname | __DATA | |
| fileoff | 28672 | |
| maxprot | 7 | |
| vmsize | 8192 | |
| nsects | 14 | |
| flags | 0 | |
| filesize | 8192 | |
| vmaddr | 4294995968 | |
| initprot | 3 | |
| Datas | sectname | __got |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294995968 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 6 | |
| offset | 28672 | |
| reserved2 | 0 | |
| reserved1 | 34 | |
| reserved3 | 0 | |
| size | 88 | |
| sectname | __nl_symbol_ptr | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996056 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 6 | |
| offset | 28760 | |
| reserved2 | 0 | |
| reserved1 | 45 | |
| reserved3 | 0 | |
| size | 16 | |
| sectname | __la_symbol_ptr | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996072 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 7 | |
| offset | 28776 | |
| reserved2 | 0 | |
| reserved1 | 47 | |
| reserved3 | 0 | |
| size | 272 | |
| sectname | __objc_classlist | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996344 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 268435456 | |
| offset | 29048 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 8 | |
| sectname | __objc_protolist | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996352 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 29056 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 24 | |
| sectname | __objc_imageinfo | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996376 | |
| align | 2 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 29080 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 8 | |
| sectname | __objc_const | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294996384 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 29088 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 3312 | |
| sectname | __objc_selrefs | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294999696 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 268435461 | |
| offset | 32400 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 104 | |
| sectname | __objc_protorefs | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294999800 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 32504 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 24 | |
| sectname | __objc_classrefs | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294999824 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 268435456 | |
| offset | 32528 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 48 | |
| sectname | __objc_data | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4294999872 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 32576 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 272 | |
| sectname | __data | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4295000144 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 0 | |
| offset | 32848 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 232 | |
| sectname | __common | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4295000376 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 1 | |
| offset | 0 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 8 | |
| sectname | __bss | |
| segname | __DATA | |
| reloff | 0 | |
| addr | 4295000384 | |
| align | 3 | |
| nreloc | 0 | |
| flags | 1 | |
| offset | 0 | |
| reserved2 | 0 | |
| reserved1 | 0 | |
| reserved3 | 0 | |
| size | 8 | |
| Name | Value | |
|---|---|---|
| segname | __LINKEDIT | |
| fileoff | 36864 | |
| maxprot | 7 | |
| vmsize | 20480 | |
| nsects | 0 | |
| flags | 0 | |
| filesize | 16848 | |
| vmaddr | 4295004160 | |
| initprot | 1 | |
| Name | Value | |
|---|---|---|
| lazy_bind_size | 1576 | |
| lazy_bind_off | 38264 | |
| weak_bind_size | 0 | |
| rebase_size | 200 | |
| export_off | 39840 | |
| export_size | 104 | |
| bind_off | 37064 | |
| rebase_off | 36864 | |
| bind_size | 1200 | |
| weak_bind_off | 0 | |
| Name | Value | |
|---|---|---|
| strsize | 2344 | |
| symoff | 39984 | |
| stroff | 41428 | |
| nsyms | 70 | |
| Name | Value | |
|---|---|---|
| extreloff | 0 | |
| nlocrel | 0 | |
| indirectsymoff | 41104 | |
| modtaboff | 0 | |
| nextrel | 0 | |
| iundefsym | 2 | |
| nmodtab | 0 | |
| ilocalsym | 0 | |
| nundefsym | 68 | |
| nextrefsyms | 0 | |
| locreloff | 0 | |
| ntoc | 0 | |
| nlocalsym | 1 | |
| tocoff | 0 | |
| extrefsymoff | 0 | |
| nindirectsyms | 81 | |
| iextdefsym | 1 | |
| nextdefsym | 1 | |
| Name | Value | |
|---|---|---|
| name | 12 | |
| Data | /usr/lib/dyld | |
| Name | Value | |
|---|---|---|
| uuid | c648413d14dc3d79b3525d7b92cfded8 | |
| Name | Value | |
|---|---|---|
| version | 658176 | |
| reserved | 658432 | |
| Name | Value | |
|---|---|---|
| version | 0 | |
| Name | Value | |
|---|---|---|
| stacksize | 0 | |
| entryoff | 6960 | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.44.1 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 6400.69.5 | |
| Data | /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 0.228.0 | |
| Data | /usr/lib/libobjc.A.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 0.214.4 | |
| Data | /usr/lib/libSystem.B.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.45.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 19200.224.5 | |
| Data | /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.150.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 7168.68.5 | |
| Data | /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftAppKit.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftCore.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftCoreData.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftCoreGraphics.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftCoreImage.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftDarwin.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftDispatch.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftFoundation.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftIOKit.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftObjectiveC.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftQuartzCore.dylib | |
| Name | Value | |
|---|---|---|
| compatibility_version | 0.1.0 | |
| timestamp | Thu Jan 01 01:00:02 1970 | |
| name | 24 | |
| current_version | 63.32.3 | |
| Data | @rpath/libswiftXPC.dylib | |
| Name | Value | |
|---|---|---|
| path | 12 | |
| Data | @executable_path/../Frameworks | |
| Name | Value | |
|---|---|---|
| dataoff | 39944 | |
| datassize | 40 | |
| Name | Value | |
|---|---|---|
| dataoff | 39984 | |
| datassize | 0 | |
| Name | Value | |
|---|---|---|
| dataoff | 43776 | |
| datassize | 9936 | |
Network Behavior |
|---|
Network Port Distribution |
|---|
- Total Packets: 6
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 27, 2017 14:13:41.102061987 MEZ | 53508 | 53 | 192.168.0.50 | 8.8.4.4 |
| Feb 27, 2017 14:13:42.101917982 MEZ | 53 | 53508 | 8.8.4.4 | 192.168.0.50 |
| Feb 27, 2017 14:13:48.749927044 MEZ | 49280 | 5223 | 192.168.0.50 | 17.252.92.24 |
| Feb 27, 2017 14:13:48.749958992 MEZ | 5223 | 49280 | 17.252.92.24 | 192.168.0.50 |
| Feb 27, 2017 14:13:48.821258068 MEZ | 5223 | 49280 | 17.252.92.24 | 192.168.0.50 |
| Feb 27, 2017 14:13:48.821456909 MEZ | 49280 | 5223 | 192.168.0.50 | 17.252.92.24 |
| Feb 27, 2017 14:13:50.815836906 MEZ | 49279 | 5223 | 192.168.0.50 | 17.188.165.208 |
| Feb 27, 2017 14:13:50.815860987 MEZ | 5223 | 49279 | 17.188.165.208 | 192.168.0.50 |
| Feb 27, 2017 14:13:50.965436935 MEZ | 5223 | 49279 | 17.188.165.208 | 192.168.0.50 |
| Feb 27, 2017 14:13:50.965703964 MEZ | 49279 | 5223 | 192.168.0.50 | 17.188.165.208 |
System Behavior |
|---|
| Start time: | 14:11:36 |
| Start date: | 27/02/2017 |
| Path: | /usr/libexec/xpcproxy |
| File size: | 42656 bytes |
| MD5 hash: | d68b4c6f2056c73e1d3bd228bcd6d4ff |
File Activities
Process Activities
System Activities
| Start time: | 14:11:36 |
| Start date: | 27/02/2017 |
| Path: | /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher |
| File size: | 53712 bytes |
| MD5 hash: | fc22fbe8dda4258a9f0ceb7e15a04fc2 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:39 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/touch |
| File size: | 23248 bytes |
| MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /bin/rm |
| File size: | 23744 bytes |
| MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
File Activities
Process Activities
System Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/find |
| File size: | 51584 bytes |
| MD5 hash: | 64fb7128066436f7954ecd6eaf22b2ad |
Process Activities
| Start time: | 14:11:40 |
| Start date: | 27/02/2017 |
| Path: | /usr/bin/zip |
| File size: | 175408 bytes |
| MD5 hash: | 135ed1f0d2d93d1581715999e16cdeed |